How Safe Is WordPress?
In light of the security problems found (and fixed) last month in a couple of popular plugins, I thought this was a timely topic.
Two very popular plugins that my clients use, and that I use myself, are WordPress SEO by Yoast and Google Analytics by Yoast, both, as the names suggest, from Yoast. These are great plugins; I recommend them if you’re not using them already.
Last week a security vulnerability was found in WordPress SEO – not an actual problem, but a potential issue that could have become a target of hackers (in this case, a hacker could have targeted a logged-in user on a website and made changes to the database). Yoast was quick to fix the issue and put out an update, which was pushed to WP Minder client sites right away.
Then a few days later, another issue was found in Google Analytics by Yoast – again, not a problem yet, but a way that hackers could change the list of Google Analytics profiles being tracked. Again, the plugin was fixed and an update was released by Yoast (and pushed to all our WP Minder client sites).
So, how safe is WordPress?
Is this worrisome? Not particularly. While it’s true there have been a few major security issues with WordPress plugins in the past (timthumb is probably the best example), it happens very rarely. And it’s worth mentioning that there have been no major security issues with WordPress core files since June 2010 – every security problem that has arisen has been because of plugins and themes, or because site owners have let simple security measures like updates and backups lapse.
One of the reasons that WordPress is so safe is the big community of developers and users that supports it. This means the majority of potential problems are caught early. And because plugins can be updated with a single click, it is far easier to get the corrected software in place on a website quickly than with the complicated update processes used by other content management systems.
WP Minder works to lessen the risks by keeping your files, themes and plugins up to date, maintaining fresh backups, and helping you manage access to your sites. By closing loopholes quickly, we’re making it much more difficult for hackers to access your website.